[U-Boot] Booting a second stage Bootloader in FIT image

KJ H. Kiran kj.h.kiran at us.abb.com
Tue Aug 4 18:53:05 CEST 2015


HI !

I think I found a solution. I have created a new cmd in cmd_bootm file and I just loaded the loadable images. Now I am able to boot the second stage bootloader(or any application).

Thanks,
Harsha

From: KJ H. Kiran
Sent: Monday, August 03, 2015 5:34 PM
To: 'sjg at chromium.org'; 'sjg at google.com'; u-boot at lists.denx.de
Subject: RE: Booting a second stage Bootloader in FIT image


Hi Simon,

I am implementing the secure u-boot for our custom board and have a question with the current implementation of secure framework with u-boot loading the "loadables" images.

I got the latest 2015.07 mainline branch and am trying to load a bootloader( FIT format) from already loaded bootloader !

First stage--------------> 2nd stage -------------------> OS FIT
(MLO,u-boot)               (u-boot.bin)                 (kernel, RFS,DTB)


I created an .its file just to boot a 2nd stage bootloader

/dts-v1/;

/ {
            description = "ABB Measurement Product images";
            #address-cells = <1>;

            images {
                        u-boot at 1 {
                                    data = /incbin/("u-boot.bin");
                                    type = "u-boot";
                                    arch = "arm";
                                    compression = "none";
                                    load = <0x82000000>;
                                    entry = <0x82000000>;
                                    hash at 1 {
                                                algo = "sha1";
                                    };
                        };

            };
            configurations {
                        default = "2100000 at xx";
                        2100000 at xx {
                                                description = "2nd stage BL";
                                                u-boot = "u-boot at 1";
                                                       loadables = "u-boot at 1"
                                                signature at 1 {
                                                            algo = "sha1,rsa2048";
                                                            key-name-hint = "dev";
                                                            sign-images = "u-boot";
                                                };
                                    };

                        };

};

I am able to load it on my device and successfully verify the signature.  How ever the bootm command is trying to find an os image every time. I have looked at the cmd_bootm.c file and looks like it checks for the valid os image for booting.

I think it would be good if a special case in bootm is introduced which can just load the "loadable" images independent of the kernel image.  This will allow the users to support multiple image scenario without any depencies. I think a separate command is necessary which can verify a signature and just load the "loadable" images in the required memory addresses.

Is there a way kernel images loading can be ignored in bootm ?

Testing:

I tried to load my bootloader fit image  and run it with  bootm $loadaddr:u-boot command
U-Boot# bootm $loadaddr:u-boot
## Loading kernel from FIT Image at 82800000 ...
   Trying 'u-boot' kernel subimage
     Description:  unavailable
     Created:      2015-08-03  21:45:12 UTC
     Type:         Standalone Program
     Compression:  uncompressed
     Data Start:   0x828000b4
     Data Size:    385283 Bytes = 376.3 KiB
     Architecture: ARM
     Load Address: 0x82000000
     Entry Point:  0x82000000
     Hash algo:    sha1
     Hash value:   d44663a203a151fe52c93029ec1fecee0d30192a
   Verifying Hash Integrity ... sha1+ OK
No Unknown OS ARM Kernel Image Image
ERROR: can't get kernel image!

If I use the bootm $loadaddr#configuration  command it tries to run the kernel image and it crashes but loads my required image at the memory address.

Thanks,
[cid:image002.png at 01CFF360.603F39C0]

Harsha Kiran KJ
Software engineer II
ABB Inc.
7051 Industrial Boulevard
74006, Bartlesville, Oklahoma, UNITED STATES
Phone: +1 9183384851
Mobile: +1 4053854043
email: k<mailto:ricardo.andujar at us.abb.com>j.h.kiran at us.abb.com



-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2174 bytes
Desc: image001.png
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20150804/e7137f93/attachment.png>


More information about the U-Boot mailing list